CVE-2025-47406
published 2026-05-04
CVE-2025-47406: Information Disclosure while processing IOCTL handler callbacks without verifying buffer size.
Priority: P423 · medium · 5.5 (CVSS 3.1)
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.07% (0.1th percentile)
Information Disclosure while processing IOCTL handler callbacks without verifying buffer size.
Affected
31 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qualcomm_inc | snapdragon | — | — |
VulDB
Qualcomm Snapdragon Compute/Snapdragon Industrial IOT up to XG101039 IOCTL buffer over-read
vuldb·2026-05-04·CVSS 6.1
CVE-2025-47406 [MEDIUM] Qualcomm Snapdragon Compute/Snapdragon Industrial IOT up to XG101039 IOCTL buffer over-read
A vulnerability labeled as critical has been found in Qualcomm Snapdragon Compute and Snapdragon Industrial IOT. This vulnerability affects unknown code of the component IOCTL Handler. The manipulation results in buffer over-read.
This vulnerability is identified as CVE-2025-47406. The attack is only possible with local access. There is not any exploit available.
The affected component should be upgraded.
GHSA
GHSA-75cg-pp3q-vrg5: Information Disclosure while processing IOCTL handler callbacks without verifying buffer size
ghsa_unreviewed·2026-05-04
CVE-2025-47406 [MEDIUM] CWE-125 GHSA-75cg-pp3q-vrg5: Information Disclosure while processing IOCTL handler callbacks without verifying buffer size
Information Disclosure while processing IOCTL handler callbacks without verifying buffer size.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-05-04